+44 3301 333 307 magma@magmacloud.co.uk
Assessment

Cyber Security
Posture Review

An independent assessment of your security posture across all six pillars — cloud, Microsoft 365, network, data, people, and AI. Clear findings. Honest gap analysis. A prioritised remediation plan you can actually act on. The starting point for most of our client engagements.

From £TBC — fixed fee, scoped after your Ignite Assessment
The Challenge

Most organisations don't have a clear picture of their actual security posture.

Security decisions are often made reactively — a vendor recommends a product, an auditor flags a control gap, a breach happens at a peer organisation and you wonder if you'd fare any better. Without a structured, independent assessment of your posture across all six security pillars, you're prioritising based on noise rather than risk. Some areas will be over-invested; others will have gaps that haven't been looked at in years.

A cyber posture review gives you the full picture — not just one pillar assessed in isolation, but a holistic view of where your controls are strong, where they're weak, and what to fix first. For organisations preparing for ISO 27001, Cyber Essentials Plus, a board security presentation, or a regulatory audit, the posture review is the natural starting point.

What We Deliver

Posture Review Scope

Six pillars assessed
  • Public cloud security (Azure/AWS)
  • Microsoft 365 & identity
  • Network security & Zero Trust posture
  • Data security, DLP & governance
  • People security & human risk
  • AI & emerging technology risk
What we assess
  • Technical controls & configurations
  • Security policies & governance
  • Incident response readiness
  • Patch management & vulnerability posture
  • Third-party & supply chain risk
Deliverables
  • Executive summary for board
  • Pillar-by-pillar findings & gap analysis
  • Risk-prioritised remediation plan
  • Current-state posture score
  • 90-day improvement roadmap
  • Findings presentation with your team
Outcomes you can measure
  • Clear security posture baseline
  • Prioritised remediation backlog
  • Board-ready security summary
  • Audit and regulatory evidence
How It's Delivered

The Magma Cloud Lifecycle

The posture review typically covers Phases 1 and 2 — strategy and assessment. Findings then feed directly into the remaining phases as you implement and optimise your security programme.

01
Strategy
02
Assess
03
Implement
04
Optimise
05
Manage
06
Assure
Related Assessments & Services
Common Questions

Frequently Asked Questions

Our posture review covers all six security pillars: public cloud security (Azure/AWS), Microsoft 365 and identity, network security, data security and DLP, people security and human risk, and AI and emerging technology risks. For each pillar, we assess your current controls, identify gaps, score your posture, and produce a prioritised remediation plan with realistic effort estimates.

A penetration test actively probes your systems for exploitable vulnerabilities. A posture review assesses the breadth of your security controls, policies, and configurations across your whole environment. They're complementary: a posture review tells you where your gaps are across all six pillars; a penetration test confirms whether specific weaknesses can be exploited. Most organisations benefit from the posture review first — it tells you where to focus penetration testing effort.

A standard posture review takes two to three weeks: one week of data gathering, configuration review, and stakeholder interviews; one week of analysis and scoring; one week to produce the findings report and prioritised remediation plan. Larger organisations with multiple sites, cloud environments, or complex regulatory requirements take longer. We scope it precisely after your initial Ignite Assessment call.

You receive a written posture review report covering: an executive summary suitable for board communication, pillar-by-pillar findings and control gaps, a risk-prioritised remediation plan with effort estimates, a current-state posture score across all six pillars, and a recommended 90-day improvement roadmap. We present the findings in person or virtually and walk through the remediation priorities with your team.

Yes. The posture review naturally leads into our pillar-specific services — cloud security hardening, M365 security, network security, data security, and so on. Many clients engage us for the review and then retain us to implement the priority remediation items. There's no obligation to proceed — if the review is all you need, that's fine. But if you do want to proceed, the findings become the precise specification for the implementation work.

Start with a Free
Ignite Assessment

The Ignite Assessment

A free 30-minute call with a senior security architect. For the posture review, you leave with a sense of which pillars are most likely to have gaps, a view of whether a full posture review is the right next step, and an honest assessment of your situation. No pitch deck, no obligation.

  • Free — no charge, no catch
  • 30 minutes with a senior architect
  • Posture-specific, honest assessment
  • No obligation to proceed
Independent Security Specialists

Book Your
Ignite Assessment

Whether you're preparing for an audit, presenting to the board, or just need to know where you actually stand — the posture review gives you the full picture.

Book Ignite Assessment